11-03-2022 02:22 AM
Hello,
What is the easiest way to find out which snort rules are included in the latest SRU update? I couldn’t find any information on that in the SRU download section at Cisco.
The latest SRU available from Cisco is Cisco Secure Rule Update 2022-10-31-001 and I am trying to figure out if the snort rules for the latest OpenSSL vulnerability (CVE-2022-3602 and CVE-2022-3786) are included there.
According to Talos, they released the following rules to address those vulnerabilities: 60790, 300306, 300307
If I search for CVE-2022-3602 in my IPS policy, I can find snort rule 300306 and 300307, but nothing when searching for CVE-2022-3786.
Thanks
/Chess
11-03-2022 09:13 AM
@Chess Norris the latest FMC LSP update as of this posting (2022-11-02) has the CVE. See screenshot below.
It looks like rule SID 60790 will be enabled in the next update. See https://snort.org/advisories/talos-rules-2022-11-03
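One way to answer the original question offline, as an added example that is not part of the thread or of Cisco's tooling: index Snort text rules by CVE reference and list each matching SID with its enabled state. It assumes the rules are available as plain text and that a rule line commented out with `#` is disabled; the sample rules, SIDs and messages are constructed placeholders, not Talos content.

```python
import re

# Constructed sample in Snort text-rule syntax (placeholder SIDs and bodies).
SAMPLE_RULES = r'''
alert tcp $EXTERNAL_NET any -> $HOME_NET 443 (msg:"CONSTRUCTED example A; sid:9;"; flow:to_server,established; reference:cve,2022-3602; sid:1000001; rev:1;)
# alert tcp $EXTERNAL_NET any -> $HOME_NET 443 (msg:"CONSTRUCTED example B"; reference:cve,2022-3602; reference:cve,2022-3786; sid:1000002; rev:2;)
alert tcp any any -> any 80 (msg:"CONSTRUCTED unrelated"; reference:cve,2021-0001; gid:3; sid:1000003; rev:1;)
# Plain comment line, not a rule
'''

# Optional leading '#', a rule action, the header, then the option body.
RULE_RE = re.compile(
    r'^(?P<off>#\s*)?(?:alert|block|drop|log|pass|reject|sdrop)\b[^(]*\((?P<opts>.*)\)\s*$')
QUOTED_RE = re.compile(r'"(?:\\.|[^"\\])*"')   # msg/content strings
CVE_RE = re.compile(r'reference:\s*cve\s*,\s*(\d{4}-\d+)', re.I)


def _int_opt(name, opts, default):
    """Return the integer value of option `name`, or `default` if absent."""
    m = re.search(r'(?:^|;)\s*' + name + r':\s*(\d+)', opts)
    return int(m.group(1)) if m else default


def index_by_cve(rules_text):
    """Map 'CVE-YYYY-NNNN' -> [(gid, sid, rev, enabled), ...]."""
    index = {}
    for line in rules_text.splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            continue  # blank line or ordinary comment
        # Blank out quoted strings so "sid:" inside a msg is not misread.
        opts = QUOTED_RE.sub('""', m.group('opts'))
        sid = _int_opt('sid', opts, None)
        if sid is None:
            continue
        entry = (_int_opt('gid', opts, 1), sid, _int_opt('rev', opts, 0),
                 m.group('off') is None)
        for cve in CVE_RE.findall(opts):
            index.setdefault('CVE-' + cve, []).append(entry)
    return index


if __name__ == '__main__':
    idx = index_by_cve(SAMPLE_RULES)
    for cve in ('CVE-2022-3602', 'CVE-2022-3786'):
        for gid, sid, rev, enabled in idx.get(cve, []):
            print(f'{cve}  {gid}:{sid} rev {rev}  {"enabled" if enabled else "disabled"}')
```

An empty result for a CVE means no rule in the file carries that reference, which is different from a rule being present but disabled.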
11-04-2022 01:21 AM
Thanks Marvin!
/Chess